Iranian hackers claim cyber attack on New York dam

(NBC News) - An Iranian hactivist group has claimed responsibility for a cyberattack that gave it access to the control system for a dam in the suburbs of New York — and intrusion that one official said may be "just the tip of the iceberg."

The group, SOBH Cyber Jihad, sent a message through another Iran-linked hacker outfit, Parastoo, promising that it would release the technical information that proves it was behind the 2013 breach, according to Flashpoint Intelligence.

The hackers claimed they kept quiet about the attack for two years because of a "state-level" warning not to go public with it "for the greater good."

It wasn't until the Wall Street Journal reported the breach this weekend that SOBH Cyber Jihad said it decided to take credit for the operation against the Bowman Avenue Dam in Rye Brook, N.Y., just north of New York City.

Sen. Charles Schumer, D-N.Y., said the revelation should be a wakeup call that the nation's critical infrastructure is too vulnerable to "evil-doers" toiling away at keyboards.

"This cyber attack surely serves as a bucket of ice water to the face," he said during a Wednesday press conference.

"There are larger dams, there are public utilities, there are nuclear power plants," he added. "We don't know how many attacks like this have been attempted. Is it just the tip of the iceberg."

Officials in Rye said the Department of Homeland Security notified them about "unauthorized access" to the city's computer system and followed up with a report in January.

The DHS report, which was obtained by NBC News, says the intruder accessed and read files — including usernames and passwords — six times between Aug. 22 and Sept. 27, 2013.

A source familiar with the investigation told NBC News that the breach was traced to an Iranian group, but that it was never clear if the intrusion was condoned by the government in Tehran. A spokesman for the Iranian Mission to the United Nations did not respond to a request for comment.

The hackers did not ever manipulate the dam over the Blind Brook, officials in Rye said. While the dam dates back to the 1940s, it has a sluice gate that was designed to be opened and closed by computer but never fully worked, the city said.

Leo Taddeo, former special agent in charge of the Cyber Division of the New York FBI, said that even though Bowman Avenue Dam doesn't seem like a prime target, "we would be very, very concerned about any foreign attempt to affect a component of our critical infrastructure."

"If they could have accessed the Hoover Dam without being detected, I think they would have done that," he said.

A dam of any size is of "major concern," said Taddeo, who is now the chief security officer for the private firm Cryptzone. "They could pose a very expensive problem for the dam operator and could be a public safety issue if there is flooding."

While he could not comment on the Rye incident, he said foreign hackers use intrusions like the one in 2013 to "signal to the U.S. that they have the capability and to divert some of our resources into investigating and thwarting this activity."

He said it was likely that the hackers were probing a number of dams "and this one was misconfigured in a way they could affect it."

"I think we can view this as a target of opportunity," he said, adding that if the hackers found a security loophole in a larger facility such as the Hoover Dam, they wouldn't hesitate to take advantage of it.

"The lesson is network operators have to be vigilant, have to keep systems updated and patched and make sure their perimeter protections are in place and they have to harden their interiors," he said.

Schumer said he is asking Homeland Security to launch a sweeping investigation into how vulnerable critical infrastructure is to attacks through computers and he wants the federal government to work more closely with state and local governments and private companies to beef up Internet security.

"It's malignant," he said of hack attacks. "And it could be metastasizing."

The security firm Cylance reported last year that Iranian hackers had infiltrated top energy, transportation and infrastructure companies across the globe — including 10 American firms — over a two-year period. Iran denied any involvement.

Iran has also been a target. A damaging computer worm called Stuxnet, uncovered in 2010 and believed to have been developed by U.S. and Israeli intelligence, attacked centrifuges at Iran's nuclear enrichment center, setting back the program by two years, according to experts.